PSU CODEX Principles Violated by Facebook Personal Data Case Study


Part II: Examine the following case and answer the questions that follow. 

British and US lawyers have launched a joint class action against Facebook, Cambridge Analytica and two other companies for allegedly misusing the personal data of more than 71 million people. The lawsuit claims the firms obtained users’ private information from the social media network to develop “political propaganda campaigns” in the UK and the US.

In June 2014, a researcher named Aleksandr Kogan developed a personality-quiz app for Facebook. It was heavily influenced by a similar personality-quiz app made by the Psychometrics Centre, a Cambridge University laboratory where Kogan worked. About 270,000 people installed Kogan’s app on their Facebook account. But as with any Facebook developer at the time, Kogan could access data about those users or their friends. And when Kogan’s app asked for that data, it saved that information into a private database instead of immediately deleting it. Kogan provided that private database, containing information about 50 million Facebook users, to the voter-profiling company Cambridge Analytica. Cambridge Analytica used it to make 30 million “psychographic” profiles about voters. While Kogan was granted permission by Facebook to collect data for academic research, the lawsuit maintains, it ended up being used for political and commercial purposes.

Cambridge Analytica has significant ties to some of President Trump’s most prominent supporters and advisers. Rebekah Mercer, a Republican donor and a co-owner of Breitbart News, sits on the board of Cambridge Analytica. Her father, Robert Mercer, invested $15 million in Cambridge Analytica on the recommendation of his political adviser, Steve Bannon, according to the Times. On Monday, hidden-camera footage appeared to show Alexander Nix, Cambridge Analytica’s CEO, offering to bribe and blackmail public officials around the world. If Nix did so, it would violate U.K. law. Cambridge Analytica suspended Nix on Tuesday. Cambridge Analytica also used its “psychographic” tools to make targeted online ad buys for the Brexit “Leave” campaign, the 2016 presidential campaign of Ted Cruz, and the 2016 Trump campaign.

In early April 2018, Facebook released aggregate figures of those it believed to be affected. Worldwide, it estimated that 87 million people had had their information harvested by the app, This is Your Digital Life, created by Cambridge Analytica and Kogan.

The social network has since broken that figure down by country: the vast majority of those whose information was “improperly shared with Cambridge Analytica” were in the US (more than 70 million people), but substantial numbers of those affected were in the UK (1.1 million), Canada (600,000), India (550,000) and Australia (310,000).

Most of those users will have had their information – including their public profile, page likes, birthday and home town – uploaded through no direct action of their own. Instead, one of their friends would have logged in to Kogan’s app and gave it permission to extract their friends’ data, probably unknowingly. 

Facebook has made a commitment to proactively inform those whose data was taken by Cambridge Analytica, and on April, 2018 the company made available a tool to allow users to check for themselves.

As the scandal has grown, the systematic weakness of Facebook’s access controls in the first half of this decade has prompted concerns that Cambridge Analytica may just be the tip of the iceberg.

Facebook has confessed to another unrelated data leak, with more than a billion profiles being “scraped” due to a feature that allowed users to look at pages by entering a phone number or email address.

The company has not yet made a commitment to informing users of whether they were caught up in any of these other data leaks.

a)     Which CODEX principle(s) was violated by Facebook? Explain your answer. 

b)    Provide a balanced descriptive, analytical and normative analysis of the case.